postdoc 0.1.2 → 0.2.0.beta4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/lib/pdf.js +27 -0
- data/lib/postdoc.rb +3 -7
- data/node_modules/agent-base/History.md +113 -0
- data/node_modules/agent-base/README.md +145 -0
- data/node_modules/agent-base/index.js +160 -0
- data/node_modules/agent-base/package.json +35 -0
- data/node_modules/agent-base/patch-core.js +37 -0
- data/node_modules/agent-base/test/ssl-cert-snakeoil.key +15 -0
- data/node_modules/agent-base/test/ssl-cert-snakeoil.pem +12 -0
- data/node_modules/agent-base/test/test.js +673 -0
- data/node_modules/async-limiter/LICENSE +8 -0
- data/node_modules/async-limiter/coverage/coverage.json +1 -0
- data/node_modules/async-limiter/coverage/lcov-report/async-throttle/index.html +73 -0
- data/node_modules/async-limiter/coverage/lcov-report/async-throttle/index.js.html +246 -0
- data/node_modules/async-limiter/coverage/lcov-report/base.css +182 -0
- data/node_modules/async-limiter/coverage/lcov-report/index.html +73 -0
- data/node_modules/async-limiter/coverage/lcov-report/prettify.css +1 -0
- data/node_modules/async-limiter/coverage/lcov-report/prettify.js +1 -0
- data/node_modules/async-limiter/coverage/lcov-report/sort-arrow-sprite.png +0 -0
- data/node_modules/async-limiter/coverage/lcov-report/sorter.js +156 -0
- data/node_modules/async-limiter/coverage/lcov.info +74 -0
- data/node_modules/async-limiter/index.js +67 -0
- data/node_modules/async-limiter/package.json +35 -0
- data/node_modules/async-limiter/readme.md +132 -0
- data/node_modules/balanced-match/LICENSE.md +21 -0
- data/node_modules/balanced-match/README.md +91 -0
- data/node_modules/balanced-match/index.js +59 -0
- data/node_modules/balanced-match/package.json +49 -0
- data/node_modules/brace-expansion/LICENSE +21 -0
- data/node_modules/brace-expansion/README.md +129 -0
- data/node_modules/brace-expansion/index.js +201 -0
- data/node_modules/brace-expansion/package.json +47 -0
- data/node_modules/buffer-from/index.js +69 -0
- data/node_modules/buffer-from/package.json +16 -0
- data/node_modules/buffer-from/readme.md +69 -0
- data/node_modules/buffer-from/test.js +12 -0
- data/node_modules/concat-map/LICENSE +18 -0
- data/node_modules/concat-map/README.markdown +62 -0
- data/node_modules/concat-map/example/map.js +6 -0
- data/node_modules/concat-map/index.js +13 -0
- data/node_modules/concat-map/package.json +43 -0
- data/node_modules/concat-map/test/map.js +39 -0
- data/node_modules/concat-stream/LICENSE +24 -0
- data/node_modules/concat-stream/index.js +144 -0
- data/node_modules/concat-stream/package.json +55 -0
- data/node_modules/concat-stream/readme.md +102 -0
- data/node_modules/core-util-is/LICENSE +19 -0
- data/node_modules/core-util-is/README.md +3 -0
- data/node_modules/core-util-is/float.patch +604 -0
- data/node_modules/core-util-is/lib/util.js +107 -0
- data/node_modules/core-util-is/package.json +32 -0
- data/node_modules/core-util-is/test.js +68 -0
- data/node_modules/debug/CHANGELOG.md +395 -0
- data/node_modules/debug/LICENSE +19 -0
- data/node_modules/debug/Makefile +58 -0
- data/node_modules/debug/README.md +368 -0
- data/node_modules/debug/karma.conf.js +70 -0
- data/node_modules/debug/node.js +1 -0
- data/node_modules/debug/package.json +43 -0
- data/node_modules/debug/src/browser.js +195 -0
- data/node_modules/debug/src/debug.js +225 -0
- data/node_modules/debug/src/index.js +10 -0
- data/node_modules/debug/src/node.js +186 -0
- data/node_modules/es6-promise/CHANGELOG.md +151 -0
- data/node_modules/es6-promise/LICENSE +19 -0
- data/node_modules/es6-promise/README.md +97 -0
- data/node_modules/es6-promise/auto.js +4 -0
- data/node_modules/es6-promise/dist/es6-promise.auto.js +1181 -0
- data/node_modules/es6-promise/dist/es6-promise.auto.map +1 -0
- data/node_modules/es6-promise/dist/es6-promise.auto.min.js +1 -0
- data/node_modules/es6-promise/dist/es6-promise.auto.min.map +1 -0
- data/node_modules/es6-promise/dist/es6-promise.js +1179 -0
- data/node_modules/es6-promise/dist/es6-promise.map +1 -0
- data/node_modules/es6-promise/dist/es6-promise.min.js +1 -0
- data/node_modules/es6-promise/dist/es6-promise.min.map +1 -0
- data/node_modules/es6-promise/es6-promise.d.ts +81 -0
- data/node_modules/es6-promise/lib/es6-promise/-internal.js +266 -0
- data/node_modules/es6-promise/lib/es6-promise/asap.js +119 -0
- data/node_modules/es6-promise/lib/es6-promise/enumerator.js +113 -0
- data/node_modules/es6-promise/lib/es6-promise/polyfill.js +35 -0
- data/node_modules/es6-promise/lib/es6-promise/promise/all.js +52 -0
- data/node_modules/es6-promise/lib/es6-promise/promise/race.js +84 -0
- data/node_modules/es6-promise/lib/es6-promise/promise/reject.js +46 -0
- data/node_modules/es6-promise/lib/es6-promise/promise/resolve.js +48 -0
- data/node_modules/es6-promise/lib/es6-promise/promise.js +427 -0
- data/node_modules/es6-promise/lib/es6-promise/then.js +32 -0
- data/node_modules/es6-promise/lib/es6-promise/utils.js +21 -0
- data/node_modules/es6-promise/lib/es6-promise.auto.js +3 -0
- data/node_modules/es6-promise/lib/es6-promise.js +7 -0
- data/node_modules/es6-promise/package.json +75 -0
- data/node_modules/es6-promisify/README.md +89 -0
- data/node_modules/es6-promisify/dist/promise.js +73 -0
- data/node_modules/es6-promisify/dist/promisify.js +85 -0
- data/node_modules/es6-promisify/package.json +41 -0
- data/node_modules/extract-zip/CONTRIBUTING.md +1 -0
- data/node_modules/extract-zip/LICENSE +23 -0
- data/node_modules/extract-zip/cli.js +20 -0
- data/node_modules/extract-zip/index.js +205 -0
- data/node_modules/extract-zip/node_modules/debug/CHANGELOG.md +362 -0
- data/node_modules/extract-zip/node_modules/debug/LICENSE +19 -0
- data/node_modules/extract-zip/node_modules/debug/Makefile +50 -0
- data/node_modules/extract-zip/node_modules/debug/README.md +312 -0
- data/node_modules/extract-zip/node_modules/debug/component.json +19 -0
- data/node_modules/extract-zip/node_modules/debug/karma.conf.js +70 -0
- data/node_modules/extract-zip/node_modules/debug/node.js +1 -0
- data/node_modules/extract-zip/node_modules/debug/package.json +49 -0
- data/node_modules/extract-zip/node_modules/debug/src/browser.js +185 -0
- data/node_modules/extract-zip/node_modules/debug/src/debug.js +202 -0
- data/node_modules/extract-zip/node_modules/debug/src/index.js +10 -0
- data/node_modules/extract-zip/node_modules/debug/src/inspector-log.js +15 -0
- data/node_modules/extract-zip/node_modules/debug/src/node.js +248 -0
- data/node_modules/extract-zip/package.json +35 -0
- data/node_modules/extract-zip/readme.md +49 -0
- data/node_modules/fd-slicer/CHANGELOG.md +49 -0
- data/node_modules/fd-slicer/LICENSE +21 -0
- data/node_modules/fd-slicer/README.md +189 -0
- data/node_modules/fd-slicer/index.js +277 -0
- data/node_modules/fd-slicer/package.json +36 -0
- data/node_modules/fd-slicer/test/test.js +350 -0
- data/node_modules/fs.realpath/LICENSE +43 -0
- data/node_modules/fs.realpath/README.md +33 -0
- data/node_modules/fs.realpath/index.js +66 -0
- data/node_modules/fs.realpath/old.js +303 -0
- data/node_modules/fs.realpath/package.json +26 -0
- data/node_modules/glob/LICENSE +15 -0
- data/node_modules/glob/README.md +368 -0
- data/node_modules/glob/changelog.md +67 -0
- data/node_modules/glob/common.js +240 -0
- data/node_modules/glob/glob.js +790 -0
- data/node_modules/glob/package.json +43 -0
- data/node_modules/glob/sync.js +486 -0
- data/node_modules/https-proxy-agent/History.md +124 -0
- data/node_modules/https-proxy-agent/README.md +137 -0
- data/node_modules/https-proxy-agent/index.js +229 -0
- data/node_modules/https-proxy-agent/package.json +35 -0
- data/node_modules/https-proxy-agent/test/ssl-cert-snakeoil.key +15 -0
- data/node_modules/https-proxy-agent/test/ssl-cert-snakeoil.pem +12 -0
- data/node_modules/https-proxy-agent/test/test.js +342 -0
- data/node_modules/inflight/LICENSE +15 -0
- data/node_modules/inflight/README.md +37 -0
- data/node_modules/inflight/inflight.js +54 -0
- data/node_modules/inflight/package.json +29 -0
- data/node_modules/inherits/LICENSE +16 -0
- data/node_modules/inherits/README.md +42 -0
- data/node_modules/inherits/inherits.js +7 -0
- data/node_modules/inherits/inherits_browser.js +23 -0
- data/node_modules/inherits/package.json +29 -0
- data/node_modules/isarray/Makefile +6 -0
- data/node_modules/isarray/README.md +60 -0
- data/node_modules/isarray/component.json +19 -0
- data/node_modules/isarray/index.js +5 -0
- data/node_modules/isarray/package.json +45 -0
- data/node_modules/isarray/test.js +20 -0
- data/node_modules/mime/CHANGELOG.md +225 -0
- data/node_modules/mime/CONTRIBUTING.md +5 -0
- data/node_modules/mime/LICENSE +21 -0
- data/node_modules/mime/Mime.js +89 -0
- data/node_modules/mime/README.md +188 -0
- data/node_modules/mime/cli.js +10 -0
- data/node_modules/mime/index.js +4 -0
- data/node_modules/mime/lite.js +4 -0
- data/node_modules/mime/package.json +43 -0
- data/node_modules/mime/src/README_js.md +179 -0
- data/node_modules/mime/src/build.js +71 -0
- data/node_modules/mime/src/test.js +257 -0
- data/node_modules/mime/types/other.json +1 -0
- data/node_modules/mime/types/standard.json +1 -0
- data/node_modules/minimatch/LICENSE +15 -0
- data/node_modules/minimatch/README.md +209 -0
- data/node_modules/minimatch/minimatch.js +923 -0
- data/node_modules/minimatch/package.json +30 -0
- data/node_modules/minimist/LICENSE +18 -0
- data/node_modules/minimist/example/parse.js +2 -0
- data/node_modules/minimist/index.js +187 -0
- data/node_modules/minimist/package.json +40 -0
- data/node_modules/minimist/readme.markdown +73 -0
- data/node_modules/minimist/test/dash.js +24 -0
- data/node_modules/minimist/test/default_bool.js +20 -0
- data/node_modules/minimist/test/dotted.js +16 -0
- data/node_modules/minimist/test/long.js +31 -0
- data/node_modules/minimist/test/parse.js +318 -0
- data/node_modules/minimist/test/parse_modified.js +9 -0
- data/node_modules/minimist/test/short.js +67 -0
- data/node_modules/minimist/test/whitespace.js +8 -0
- data/node_modules/mkdirp/LICENSE +21 -0
- data/node_modules/mkdirp/bin/cmd.js +33 -0
- data/node_modules/mkdirp/bin/usage.txt +12 -0
- data/node_modules/mkdirp/examples/pow.js +6 -0
- data/node_modules/mkdirp/index.js +98 -0
- data/node_modules/mkdirp/package.json +27 -0
- data/node_modules/mkdirp/readme.markdown +100 -0
- data/node_modules/mkdirp/test/chmod.js +41 -0
- data/node_modules/mkdirp/test/clobber.js +38 -0
- data/node_modules/mkdirp/test/mkdirp.js +28 -0
- data/node_modules/mkdirp/test/opts_fs.js +29 -0
- data/node_modules/mkdirp/test/opts_fs_sync.js +27 -0
- data/node_modules/mkdirp/test/perm.js +32 -0
- data/node_modules/mkdirp/test/perm_sync.js +36 -0
- data/node_modules/mkdirp/test/race.js +37 -0
- data/node_modules/mkdirp/test/rel.js +32 -0
- data/node_modules/mkdirp/test/return.js +25 -0
- data/node_modules/mkdirp/test/return_sync.js +24 -0
- data/node_modules/mkdirp/test/root.js +19 -0
- data/node_modules/mkdirp/test/sync.js +32 -0
- data/node_modules/mkdirp/test/umask.js +28 -0
- data/node_modules/mkdirp/test/umask_sync.js +32 -0
- data/node_modules/ms/index.js +152 -0
- data/node_modules/ms/license.md +21 -0
- data/node_modules/ms/package.json +37 -0
- data/node_modules/ms/readme.md +51 -0
- data/node_modules/once/LICENSE +15 -0
- data/node_modules/once/README.md +79 -0
- data/node_modules/once/once.js +42 -0
- data/node_modules/once/package.json +33 -0
- data/node_modules/path-is-absolute/index.js +20 -0
- data/node_modules/path-is-absolute/license +21 -0
- data/node_modules/path-is-absolute/package.json +43 -0
- data/node_modules/path-is-absolute/readme.md +59 -0
- data/node_modules/pend/LICENSE +23 -0
- data/node_modules/pend/README.md +41 -0
- data/node_modules/pend/index.js +55 -0
- data/node_modules/pend/package.json +18 -0
- data/node_modules/pend/test.js +137 -0
- data/node_modules/process-nextick-args/index.js +44 -0
- data/node_modules/process-nextick-args/license.md +19 -0
- data/node_modules/process-nextick-args/package.json +25 -0
- data/node_modules/process-nextick-args/readme.md +18 -0
- data/node_modules/progress/CHANGELOG.md +115 -0
- data/node_modules/progress/LICENSE +22 -0
- data/node_modules/progress/Makefile +8 -0
- data/node_modules/progress/README.md +146 -0
- data/node_modules/progress/index.js +1 -0
- data/node_modules/progress/lib/node-progress.js +231 -0
- data/node_modules/progress/package.json +25 -0
- data/node_modules/proxy-from-env/README.md +131 -0
- data/node_modules/proxy-from-env/index.js +103 -0
- data/node_modules/proxy-from-env/package.json +35 -0
- data/node_modules/proxy-from-env/test.js +393 -0
- data/node_modules/puppeteer/CONTRIBUTING.md +206 -0
- data/node_modules/puppeteer/DeviceDescriptors.js +704 -0
- data/node_modules/puppeteer/LICENSE +202 -0
- data/node_modules/puppeteer/README.md +306 -0
- data/node_modules/puppeteer/index.js +28 -0
- data/node_modules/puppeteer/install.js +122 -0
- data/node_modules/puppeteer/lib/Browser.js +186 -0
- data/node_modules/puppeteer/lib/BrowserFetcher.js +279 -0
- data/node_modules/puppeteer/lib/Connection.js +246 -0
- data/node_modules/puppeteer/lib/Coverage.js +301 -0
- data/node_modules/puppeteer/lib/Dialog.js +84 -0
- data/node_modules/puppeteer/lib/ElementHandle.js +328 -0
- data/node_modules/puppeteer/lib/EmulationManager.js +89 -0
- data/node_modules/puppeteer/lib/ExecutionContext.js +232 -0
- data/node_modules/puppeteer/lib/FrameManager.js +997 -0
- data/node_modules/puppeteer/lib/Input.js +309 -0
- data/node_modules/puppeteer/lib/Launcher.js +310 -0
- data/node_modules/puppeteer/lib/Multimap.js +95 -0
- data/node_modules/puppeteer/lib/NavigatorWatcher.js +137 -0
- data/node_modules/puppeteer/lib/NetworkManager.js +796 -0
- data/node_modules/puppeteer/lib/Page.js +1098 -0
- data/node_modules/puppeteer/lib/Pipe.js +69 -0
- data/node_modules/puppeteer/lib/Puppeteer.js +60 -0
- data/node_modules/puppeteer/lib/Target.js +88 -0
- data/node_modules/puppeteer/lib/TaskQueue.js +17 -0
- data/node_modules/puppeteer/lib/Tracing.js +99 -0
- data/node_modules/puppeteer/lib/USKeyboardLayout.js +281 -0
- data/node_modules/puppeteer/lib/helper.js +248 -0
- data/node_modules/puppeteer/node6/lib/Browser.js +394 -0
- data/node_modules/puppeteer/node6/lib/BrowserFetcher.js +357 -0
- data/node_modules/puppeteer/node6/lib/Connection.js +350 -0
- data/node_modules/puppeteer/node6/lib/Coverage.js +561 -0
- data/node_modules/puppeteer/node6/lib/Dialog.js +136 -0
- data/node_modules/puppeteer/node6/lib/ElementHandle.js +796 -0
- data/node_modules/puppeteer/node6/lib/EmulationManager.js +115 -0
- data/node_modules/puppeteer/node6/lib/ExecutionContext.js +414 -0
- data/node_modules/puppeteer/node6/lib/FrameManager.js +1621 -0
- data/node_modules/puppeteer/node6/lib/Input.js +569 -0
- data/node_modules/puppeteer/node6/lib/Launcher.js +362 -0
- data/node_modules/puppeteer/node6/lib/Multimap.js +95 -0
- data/node_modules/puppeteer/node6/lib/NavigatorWatcher.js +163 -0
- data/node_modules/puppeteer/node6/lib/NetworkManager.js +1108 -0
- data/node_modules/puppeteer/node6/lib/Page.js +2242 -0
- data/node_modules/puppeteer/node6/lib/Pipe.js +69 -0
- data/node_modules/puppeteer/node6/lib/Puppeteer.js +60 -0
- data/node_modules/puppeteer/node6/lib/Target.js +114 -0
- data/node_modules/puppeteer/node6/lib/TaskQueue.js +17 -0
- data/node_modules/puppeteer/node6/lib/Tracing.js +177 -0
- data/node_modules/puppeteer/node6/lib/USKeyboardLayout.js +281 -0
- data/node_modules/puppeteer/node6/lib/helper.js +274 -0
- data/node_modules/puppeteer/package.json +61 -0
- data/node_modules/readable-stream/CONTRIBUTING.md +38 -0
- data/node_modules/readable-stream/GOVERNANCE.md +136 -0
- data/node_modules/readable-stream/LICENSE +47 -0
- data/node_modules/readable-stream/README.md +58 -0
- data/node_modules/readable-stream/doc/wg-meetings/2015-01-30.md +60 -0
- data/node_modules/readable-stream/duplex-browser.js +1 -0
- data/node_modules/readable-stream/duplex.js +1 -0
- data/node_modules/readable-stream/lib/_stream_duplex.js +131 -0
- data/node_modules/readable-stream/lib/_stream_passthrough.js +47 -0
- data/node_modules/readable-stream/lib/_stream_readable.js +1019 -0
- data/node_modules/readable-stream/lib/_stream_transform.js +214 -0
- data/node_modules/readable-stream/lib/_stream_writable.js +687 -0
- data/node_modules/readable-stream/lib/internal/streams/BufferList.js +79 -0
- data/node_modules/readable-stream/lib/internal/streams/destroy.js +74 -0
- data/node_modules/readable-stream/lib/internal/streams/stream-browser.js +1 -0
- data/node_modules/readable-stream/lib/internal/streams/stream.js +1 -0
- data/node_modules/readable-stream/package.json +52 -0
- data/node_modules/readable-stream/passthrough.js +1 -0
- data/node_modules/readable-stream/readable-browser.js +7 -0
- data/node_modules/readable-stream/readable.js +19 -0
- data/node_modules/readable-stream/transform.js +1 -0
- data/node_modules/readable-stream/writable-browser.js +1 -0
- data/node_modules/readable-stream/writable.js +8 -0
- data/node_modules/rimraf/LICENSE +15 -0
- data/node_modules/rimraf/README.md +101 -0
- data/node_modules/rimraf/bin.js +50 -0
- data/node_modules/rimraf/package.json +26 -0
- data/node_modules/rimraf/rimraf.js +364 -0
- data/node_modules/safe-buffer/LICENSE +21 -0
- data/node_modules/safe-buffer/README.md +584 -0
- data/node_modules/safe-buffer/index.d.ts +187 -0
- data/node_modules/safe-buffer/index.js +62 -0
- data/node_modules/safe-buffer/package.json +37 -0
- data/node_modules/string_decoder/LICENSE +48 -0
- data/node_modules/string_decoder/README.md +47 -0
- data/node_modules/string_decoder/lib/string_decoder.js +296 -0
- data/node_modules/string_decoder/package.json +31 -0
- data/node_modules/typedarray/LICENSE +35 -0
- data/node_modules/typedarray/example/tarray.js +4 -0
- data/node_modules/typedarray/index.js +630 -0
- data/node_modules/typedarray/package.json +55 -0
- data/node_modules/typedarray/readme.markdown +61 -0
- data/node_modules/typedarray/test/server/undef_globals.js +19 -0
- data/node_modules/typedarray/test/tarray.js +10 -0
- data/node_modules/ultron/LICENSE +22 -0
- data/node_modules/ultron/README.md +113 -0
- data/node_modules/ultron/index.js +136 -0
- data/node_modules/ultron/package.json +41 -0
- data/node_modules/util-deprecate/History.md +16 -0
- data/node_modules/util-deprecate/LICENSE +24 -0
- data/node_modules/util-deprecate/README.md +53 -0
- data/node_modules/util-deprecate/browser.js +67 -0
- data/node_modules/util-deprecate/node.js +6 -0
- data/node_modules/util-deprecate/package.json +27 -0
- data/node_modules/wrappy/LICENSE +15 -0
- data/node_modules/wrappy/README.md +36 -0
- data/node_modules/wrappy/package.json +29 -0
- data/node_modules/wrappy/wrappy.js +33 -0
- data/node_modules/ws/LICENSE +21 -0
- data/node_modules/ws/README.md +341 -0
- data/node_modules/ws/index.js +15 -0
- data/node_modules/ws/lib/BufferUtil.js +71 -0
- data/node_modules/ws/lib/Constants.js +10 -0
- data/node_modules/ws/lib/ErrorCodes.js +28 -0
- data/node_modules/ws/lib/EventTarget.js +151 -0
- data/node_modules/ws/lib/Extensions.js +203 -0
- data/node_modules/ws/lib/PerMessageDeflate.js +507 -0
- data/node_modules/ws/lib/Receiver.js +553 -0
- data/node_modules/ws/lib/Sender.js +412 -0
- data/node_modules/ws/lib/Validation.js +17 -0
- data/node_modules/ws/lib/WebSocket.js +717 -0
- data/node_modules/ws/lib/WebSocketServer.js +326 -0
- data/node_modules/ws/package.json +46 -0
- data/node_modules/yauzl/LICENSE +21 -0
- data/node_modules/yauzl/README.md +467 -0
- data/node_modules/yauzl/index.js +626 -0
- data/node_modules/yauzl/package.json +36 -0
- data/package.json +5 -0
- data/yarn.lock +240 -0
- metadata +372 -7
- data/app/assets/stylesheets/default.css +0 -4
- data/lib/postdoc/postdoc_view_helper.rb +0 -22
@@ -0,0 +1,584 @@
|
|
1
|
+
# safe-buffer [![travis][travis-image]][travis-url] [![npm][npm-image]][npm-url] [![downloads][downloads-image]][downloads-url] [![javascript style guide][standard-image]][standard-url]
|
2
|
+
|
3
|
+
[travis-image]: https://img.shields.io/travis/feross/safe-buffer/master.svg
|
4
|
+
[travis-url]: https://travis-ci.org/feross/safe-buffer
|
5
|
+
[npm-image]: https://img.shields.io/npm/v/safe-buffer.svg
|
6
|
+
[npm-url]: https://npmjs.org/package/safe-buffer
|
7
|
+
[downloads-image]: https://img.shields.io/npm/dm/safe-buffer.svg
|
8
|
+
[downloads-url]: https://npmjs.org/package/safe-buffer
|
9
|
+
[standard-image]: https://img.shields.io/badge/code_style-standard-brightgreen.svg
|
10
|
+
[standard-url]: https://standardjs.com
|
11
|
+
|
12
|
+
#### Safer Node.js Buffer API
|
13
|
+
|
14
|
+
**Use the new Node.js Buffer APIs (`Buffer.from`, `Buffer.alloc`,
|
15
|
+
`Buffer.allocUnsafe`, `Buffer.allocUnsafeSlow`) in all versions of Node.js.**
|
16
|
+
|
17
|
+
**Uses the built-in implementation when available.**
|
18
|
+
|
19
|
+
## install
|
20
|
+
|
21
|
+
```
|
22
|
+
npm install safe-buffer
|
23
|
+
```
|
24
|
+
|
25
|
+
## usage
|
26
|
+
|
27
|
+
The goal of this package is to provide a safe replacement for the node.js `Buffer`.
|
28
|
+
|
29
|
+
It's a drop-in replacement for `Buffer`. You can use it by adding one `require` line to
|
30
|
+
the top of your node.js modules:
|
31
|
+
|
32
|
+
```js
|
33
|
+
var Buffer = require('safe-buffer').Buffer
|
34
|
+
|
35
|
+
// Existing buffer code will continue to work without issues:
|
36
|
+
|
37
|
+
new Buffer('hey', 'utf8')
|
38
|
+
new Buffer([1, 2, 3], 'utf8')
|
39
|
+
new Buffer(obj)
|
40
|
+
new Buffer(16) // create an uninitialized buffer (potentially unsafe)
|
41
|
+
|
42
|
+
// But you can use these new explicit APIs to make clear what you want:
|
43
|
+
|
44
|
+
Buffer.from('hey', 'utf8') // convert from many types to a Buffer
|
45
|
+
Buffer.alloc(16) // create a zero-filled buffer (safe)
|
46
|
+
Buffer.allocUnsafe(16) // create an uninitialized buffer (potentially unsafe)
|
47
|
+
```
|
48
|
+
|
49
|
+
## api
|
50
|
+
|
51
|
+
### Class Method: Buffer.from(array)
|
52
|
+
<!-- YAML
|
53
|
+
added: v3.0.0
|
54
|
+
-->
|
55
|
+
|
56
|
+
* `array` {Array}
|
57
|
+
|
58
|
+
Allocates a new `Buffer` using an `array` of octets.
|
59
|
+
|
60
|
+
```js
|
61
|
+
const buf = Buffer.from([0x62,0x75,0x66,0x66,0x65,0x72]);
|
62
|
+
// creates a new Buffer containing ASCII bytes
|
63
|
+
// ['b','u','f','f','e','r']
|
64
|
+
```
|
65
|
+
|
66
|
+
A `TypeError` will be thrown if `array` is not an `Array`.
|
67
|
+
|
68
|
+
### Class Method: Buffer.from(arrayBuffer[, byteOffset[, length]])
|
69
|
+
<!-- YAML
|
70
|
+
added: v5.10.0
|
71
|
+
-->
|
72
|
+
|
73
|
+
* `arrayBuffer` {ArrayBuffer} The `.buffer` property of a `TypedArray` or
|
74
|
+
a `new ArrayBuffer()`
|
75
|
+
* `byteOffset` {Number} Default: `0`
|
76
|
+
* `length` {Number} Default: `arrayBuffer.length - byteOffset`
|
77
|
+
|
78
|
+
When passed a reference to the `.buffer` property of a `TypedArray` instance,
|
79
|
+
the newly created `Buffer` will share the same allocated memory as the
|
80
|
+
TypedArray.
|
81
|
+
|
82
|
+
```js
|
83
|
+
const arr = new Uint16Array(2);
|
84
|
+
arr[0] = 5000;
|
85
|
+
arr[1] = 4000;
|
86
|
+
|
87
|
+
const buf = Buffer.from(arr.buffer); // shares the memory with arr;
|
88
|
+
|
89
|
+
console.log(buf);
|
90
|
+
// Prints: <Buffer 88 13 a0 0f>
|
91
|
+
|
92
|
+
// changing the TypedArray changes the Buffer also
|
93
|
+
arr[1] = 6000;
|
94
|
+
|
95
|
+
console.log(buf);
|
96
|
+
// Prints: <Buffer 88 13 70 17>
|
97
|
+
```
|
98
|
+
|
99
|
+
The optional `byteOffset` and `length` arguments specify a memory range within
|
100
|
+
the `arrayBuffer` that will be shared by the `Buffer`.
|
101
|
+
|
102
|
+
```js
|
103
|
+
const ab = new ArrayBuffer(10);
|
104
|
+
const buf = Buffer.from(ab, 0, 2);
|
105
|
+
console.log(buf.length);
|
106
|
+
// Prints: 2
|
107
|
+
```
|
108
|
+
|
109
|
+
A `TypeError` will be thrown if `arrayBuffer` is not an `ArrayBuffer`.
|
110
|
+
|
111
|
+
### Class Method: Buffer.from(buffer)
|
112
|
+
<!-- YAML
|
113
|
+
added: v3.0.0
|
114
|
+
-->
|
115
|
+
|
116
|
+
* `buffer` {Buffer}
|
117
|
+
|
118
|
+
Copies the passed `buffer` data onto a new `Buffer` instance.
|
119
|
+
|
120
|
+
```js
|
121
|
+
const buf1 = Buffer.from('buffer');
|
122
|
+
const buf2 = Buffer.from(buf1);
|
123
|
+
|
124
|
+
buf1[0] = 0x61;
|
125
|
+
console.log(buf1.toString());
|
126
|
+
// 'auffer'
|
127
|
+
console.log(buf2.toString());
|
128
|
+
// 'buffer' (copy is not changed)
|
129
|
+
```
|
130
|
+
|
131
|
+
A `TypeError` will be thrown if `buffer` is not a `Buffer`.
|
132
|
+
|
133
|
+
### Class Method: Buffer.from(str[, encoding])
|
134
|
+
<!-- YAML
|
135
|
+
added: v5.10.0
|
136
|
+
-->
|
137
|
+
|
138
|
+
* `str` {String} String to encode.
|
139
|
+
* `encoding` {String} Encoding to use, Default: `'utf8'`
|
140
|
+
|
141
|
+
Creates a new `Buffer` containing the given JavaScript string `str`. If
|
142
|
+
provided, the `encoding` parameter identifies the character encoding.
|
143
|
+
If not provided, `encoding` defaults to `'utf8'`.
|
144
|
+
|
145
|
+
```js
|
146
|
+
const buf1 = Buffer.from('this is a tést');
|
147
|
+
console.log(buf1.toString());
|
148
|
+
// prints: this is a tést
|
149
|
+
console.log(buf1.toString('ascii'));
|
150
|
+
// prints: this is a tC)st
|
151
|
+
|
152
|
+
const buf2 = Buffer.from('7468697320697320612074c3a97374', 'hex');
|
153
|
+
console.log(buf2.toString());
|
154
|
+
// prints: this is a tést
|
155
|
+
```
|
156
|
+
|
157
|
+
A `TypeError` will be thrown if `str` is not a string.
|
158
|
+
|
159
|
+
### Class Method: Buffer.alloc(size[, fill[, encoding]])
|
160
|
+
<!-- YAML
|
161
|
+
added: v5.10.0
|
162
|
+
-->
|
163
|
+
|
164
|
+
* `size` {Number}
|
165
|
+
* `fill` {Value} Default: `undefined`
|
166
|
+
* `encoding` {String} Default: `utf8`
|
167
|
+
|
168
|
+
Allocates a new `Buffer` of `size` bytes. If `fill` is `undefined`, the
|
169
|
+
`Buffer` will be *zero-filled*.
|
170
|
+
|
171
|
+
```js
|
172
|
+
const buf = Buffer.alloc(5);
|
173
|
+
console.log(buf);
|
174
|
+
// <Buffer 00 00 00 00 00>
|
175
|
+
```
|
176
|
+
|
177
|
+
The `size` must be less than or equal to the value of
|
178
|
+
`require('buffer').kMaxLength` (on 64-bit architectures, `kMaxLength` is
|
179
|
+
`(2^31)-1`). Otherwise, a [`RangeError`][] is thrown. A zero-length Buffer will
|
180
|
+
be created if a `size` less than or equal to 0 is specified.
|
181
|
+
|
182
|
+
If `fill` is specified, the allocated `Buffer` will be initialized by calling
|
183
|
+
`buf.fill(fill)`. See [`buf.fill()`][] for more information.
|
184
|
+
|
185
|
+
```js
|
186
|
+
const buf = Buffer.alloc(5, 'a');
|
187
|
+
console.log(buf);
|
188
|
+
// <Buffer 61 61 61 61 61>
|
189
|
+
```
|
190
|
+
|
191
|
+
If both `fill` and `encoding` are specified, the allocated `Buffer` will be
|
192
|
+
initialized by calling `buf.fill(fill, encoding)`. For example:
|
193
|
+
|
194
|
+
```js
|
195
|
+
const buf = Buffer.alloc(11, 'aGVsbG8gd29ybGQ=', 'base64');
|
196
|
+
console.log(buf);
|
197
|
+
// <Buffer 68 65 6c 6c 6f 20 77 6f 72 6c 64>
|
198
|
+
```
|
199
|
+
|
200
|
+
Calling `Buffer.alloc(size)` can be significantly slower than the alternative
|
201
|
+
`Buffer.allocUnsafe(size)` but ensures that the newly created `Buffer` instance
|
202
|
+
contents will *never contain sensitive data*.
|
203
|
+
|
204
|
+
A `TypeError` will be thrown if `size` is not a number.
|
205
|
+
|
206
|
+
### Class Method: Buffer.allocUnsafe(size)
|
207
|
+
<!-- YAML
|
208
|
+
added: v5.10.0
|
209
|
+
-->
|
210
|
+
|
211
|
+
* `size` {Number}
|
212
|
+
|
213
|
+
Allocates a new *non-zero-filled* `Buffer` of `size` bytes. The `size` must
|
214
|
+
be less than or equal to the value of `require('buffer').kMaxLength` (on 64-bit
|
215
|
+
architectures, `kMaxLength` is `(2^31)-1`). Otherwise, a [`RangeError`][] is
|
216
|
+
thrown. A zero-length Buffer will be created if a `size` less than or equal to
|
217
|
+
0 is specified.
|
218
|
+
|
219
|
+
The underlying memory for `Buffer` instances created in this way is *not
|
220
|
+
initialized*. The contents of the newly created `Buffer` are unknown and
|
221
|
+
*may contain sensitive data*. Use [`buf.fill(0)`][] to initialize such
|
222
|
+
`Buffer` instances to zeroes.
|
223
|
+
|
224
|
+
```js
|
225
|
+
const buf = Buffer.allocUnsafe(5);
|
226
|
+
console.log(buf);
|
227
|
+
// <Buffer 78 e0 82 02 01>
|
228
|
+
// (octets will be different, every time)
|
229
|
+
buf.fill(0);
|
230
|
+
console.log(buf);
|
231
|
+
// <Buffer 00 00 00 00 00>
|
232
|
+
```
|
233
|
+
|
234
|
+
A `TypeError` will be thrown if `size` is not a number.
|
235
|
+
|
236
|
+
Note that the `Buffer` module pre-allocates an internal `Buffer` instance of
|
237
|
+
size `Buffer.poolSize` that is used as a pool for the fast allocation of new
|
238
|
+
`Buffer` instances created using `Buffer.allocUnsafe(size)` (and the deprecated
|
239
|
+
`new Buffer(size)` constructor) only when `size` is less than or equal to
|
240
|
+
`Buffer.poolSize >> 1` (floor of `Buffer.poolSize` divided by two). The default
|
241
|
+
value of `Buffer.poolSize` is `8192` but can be modified.
|
242
|
+
|
243
|
+
Use of this pre-allocated internal memory pool is a key difference between
|
244
|
+
calling `Buffer.alloc(size, fill)` vs. `Buffer.allocUnsafe(size).fill(fill)`.
|
245
|
+
Specifically, `Buffer.alloc(size, fill)` will *never* use the internal Buffer
|
246
|
+
pool, while `Buffer.allocUnsafe(size).fill(fill)` *will* use the internal
|
247
|
+
Buffer pool if `size` is less than or equal to half `Buffer.poolSize`. The
|
248
|
+
difference is subtle but can be important when an application requires the
|
249
|
+
additional performance that `Buffer.allocUnsafe(size)` provides.
|
250
|
+
|
251
|
+
### Class Method: Buffer.allocUnsafeSlow(size)
|
252
|
+
<!-- YAML
|
253
|
+
added: v5.10.0
|
254
|
+
-->
|
255
|
+
|
256
|
+
* `size` {Number}
|
257
|
+
|
258
|
+
Allocates a new *non-zero-filled* and non-pooled `Buffer` of `size` bytes. The
|
259
|
+
`size` must be less than or equal to the value of
|
260
|
+
`require('buffer').kMaxLength` (on 64-bit architectures, `kMaxLength` is
|
261
|
+
`(2^31)-1`). Otherwise, a [`RangeError`][] is thrown. A zero-length Buffer will
|
262
|
+
be created if a `size` less than or equal to 0 is specified.
|
263
|
+
|
264
|
+
The underlying memory for `Buffer` instances created in this way is *not
|
265
|
+
initialized*. The contents of the newly created `Buffer` are unknown and
|
266
|
+
*may contain sensitive data*. Use [`buf.fill(0)`][] to initialize such
|
267
|
+
`Buffer` instances to zeroes.
|
268
|
+
|
269
|
+
When using `Buffer.allocUnsafe()` to allocate new `Buffer` instances,
|
270
|
+
allocations under 4KB are, by default, sliced from a single pre-allocated
|
271
|
+
`Buffer`. This allows applications to avoid the garbage collection overhead of
|
272
|
+
creating many individually allocated Buffers. This approach improves both
|
273
|
+
performance and memory usage by eliminating the need to track and cleanup as
|
274
|
+
many `Persistent` objects.
|
275
|
+
|
276
|
+
However, in the case where a developer may need to retain a small chunk of
|
277
|
+
memory from a pool for an indeterminate amount of time, it may be appropriate
|
278
|
+
to create an un-pooled Buffer instance using `Buffer.allocUnsafeSlow()` then
|
279
|
+
copy out the relevant bits.
|
280
|
+
|
281
|
+
```js
|
282
|
+
// need to keep around a few small chunks of memory
|
283
|
+
const store = [];
|
284
|
+
|
285
|
+
socket.on('readable', () => {
|
286
|
+
const data = socket.read();
|
287
|
+
// allocate for retained data
|
288
|
+
const sb = Buffer.allocUnsafeSlow(10);
|
289
|
+
// copy the data into the new allocation
|
290
|
+
data.copy(sb, 0, 0, 10);
|
291
|
+
store.push(sb);
|
292
|
+
});
|
293
|
+
```
|
294
|
+
|
295
|
+
Use of `Buffer.allocUnsafeSlow()` should be used only as a last resort *after*
|
296
|
+
a developer has observed undue memory retention in their applications.
|
297
|
+
|
298
|
+
A `TypeError` will be thrown if `size` is not a number.
|
299
|
+
|
300
|
+
### All the Rest
|
301
|
+
|
302
|
+
The rest of the `Buffer` API is exactly the same as in node.js.
|
303
|
+
[See the docs](https://nodejs.org/api/buffer.html).
|
304
|
+
|
305
|
+
|
306
|
+
## Related links
|
307
|
+
|
308
|
+
- [Node.js issue: Buffer(number) is unsafe](https://github.com/nodejs/node/issues/4660)
|
309
|
+
- [Node.js Enhancement Proposal: Buffer.from/Buffer.alloc/Buffer.zalloc/Buffer() soft-deprecate](https://github.com/nodejs/node-eps/pull/4)
|
310
|
+
|
311
|
+
## Why is `Buffer` unsafe?
|
312
|
+
|
313
|
+
Today, the node.js `Buffer` constructor is overloaded to handle many different argument
|
314
|
+
types like `String`, `Array`, `Object`, `TypedArrayView` (`Uint8Array`, etc.),
|
315
|
+
`ArrayBuffer`, and also `Number`.
|
316
|
+
|
317
|
+
The API is optimized for convenience: you can throw any type at it, and it will try to do
|
318
|
+
what you want.
|
319
|
+
|
320
|
+
Because the Buffer constructor is so powerful, you often see code like this:
|
321
|
+
|
322
|
+
```js
|
323
|
+
// Convert UTF-8 strings to hex
|
324
|
+
function toHex (str) {
|
325
|
+
return new Buffer(str).toString('hex')
|
326
|
+
}
|
327
|
+
```
|
328
|
+
|
329
|
+
***But what happens if `toHex` is called with a `Number` argument?***
|
330
|
+
|
331
|
+
### Remote Memory Disclosure
|
332
|
+
|
333
|
+
If an attacker can make your program call the `Buffer` constructor with a `Number`
|
334
|
+
argument, then they can make it allocate uninitialized memory from the node.js process.
|
335
|
+
This could potentially disclose TLS private keys, user data, or database passwords.
|
336
|
+
|
337
|
+
When the `Buffer` constructor is passed a `Number` argument, it returns an
|
338
|
+
**UNINITIALIZED** block of memory of the specified `size`. When you create a `Buffer` like
|
339
|
+
this, you **MUST** overwrite the contents before returning it to the user.
|
340
|
+
|
341
|
+
From the [node.js docs](https://nodejs.org/api/buffer.html#buffer_new_buffer_size):
|
342
|
+
|
343
|
+
> `new Buffer(size)`
|
344
|
+
>
|
345
|
+
> - `size` Number
|
346
|
+
>
|
347
|
+
> The underlying memory for `Buffer` instances created in this way is not initialized.
|
348
|
+
> **The contents of a newly created `Buffer` are unknown and could contain sensitive
|
349
|
+
> data.** Use `buf.fill(0)` to initialize a Buffer to zeroes.
|
350
|
+
|
351
|
+
(Emphasis our own.)
|
352
|
+
|
353
|
+
Whenever the programmer intended to create an uninitialized `Buffer` you often see code
|
354
|
+
like this:
|
355
|
+
|
356
|
+
```js
|
357
|
+
var buf = new Buffer(16)
|
358
|
+
|
359
|
+
// Immediately overwrite the uninitialized buffer with data from another buffer
|
360
|
+
for (var i = 0; i < buf.length; i++) {
|
361
|
+
buf[i] = otherBuf[i]
|
362
|
+
}
|
363
|
+
```
|
364
|
+
|
365
|
+
|
366
|
+
### Would this ever be a problem in real code?
|
367
|
+
|
368
|
+
Yes. It's surprisingly common to forget to check the type of your variables in a
|
369
|
+
dynamically-typed language like JavaScript.
|
370
|
+
|
371
|
+
Usually the consequences of assuming the wrong type is that your program crashes with an
|
372
|
+
uncaught exception. But the failure mode for forgetting to check the type of arguments to
|
373
|
+
the `Buffer` constructor is more catastrophic.
|
374
|
+
|
375
|
+
Here's an example of a vulnerable service that takes a JSON payload and converts it to
|
376
|
+
hex:
|
377
|
+
|
378
|
+
```js
|
379
|
+
// Take a JSON payload {str: "some string"} and convert it to hex
|
380
|
+
var server = http.createServer(function (req, res) {
|
381
|
+
var data = ''
|
382
|
+
req.setEncoding('utf8')
|
383
|
+
req.on('data', function (chunk) {
|
384
|
+
data += chunk
|
385
|
+
})
|
386
|
+
req.on('end', function () {
|
387
|
+
var body = JSON.parse(data)
|
388
|
+
res.end(new Buffer(body.str).toString('hex'))
|
389
|
+
})
|
390
|
+
})
|
391
|
+
|
392
|
+
server.listen(8080)
|
393
|
+
```
|
394
|
+
|
395
|
+
In this example, an http client just has to send:
|
396
|
+
|
397
|
+
```json
|
398
|
+
{
|
399
|
+
"str": 1000
|
400
|
+
}
|
401
|
+
```
|
402
|
+
|
403
|
+
and it will get back 1,000 bytes of uninitialized memory from the server.
|
404
|
+
|
405
|
+
This is a very serious bug. It's similar in severity to the
|
406
|
+
[the Heartbleed bug](http://heartbleed.com/) that allowed disclosure of OpenSSL process
|
407
|
+
memory by remote attackers.
|
408
|
+
|
409
|
+
|
410
|
+
### Which real-world packages were vulnerable?
|
411
|
+
|
412
|
+
#### [`bittorrent-dht`](https://www.npmjs.com/package/bittorrent-dht)
|
413
|
+
|
414
|
+
[Mathias Buus](https://github.com/mafintosh) and I
|
415
|
+
([Feross Aboukhadijeh](http://feross.org/)) found this issue in one of our own packages,
|
416
|
+
[`bittorrent-dht`](https://www.npmjs.com/package/bittorrent-dht). The bug would allow
|
417
|
+
anyone on the internet to send a series of messages to a user of `bittorrent-dht` and get
|
418
|
+
them to reveal 20 bytes at a time of uninitialized memory from the node.js process.
|
419
|
+
|
420
|
+
Here's
|
421
|
+
[the commit](https://github.com/feross/bittorrent-dht/commit/6c7da04025d5633699800a99ec3fbadf70ad35b8)
|
422
|
+
that fixed it. We released a new fixed version, created a
|
423
|
+
[Node Security Project disclosure](https://nodesecurity.io/advisories/68), and deprecated all
|
424
|
+
vulnerable versions on npm so users will get a warning to upgrade to a newer version.
|
425
|
+
|
426
|
+
#### [`ws`](https://www.npmjs.com/package/ws)
|
427
|
+
|
428
|
+
That got us wondering if there were other vulnerable packages. Sure enough, within a short
|
429
|
+
period of time, we found the same issue in [`ws`](https://www.npmjs.com/package/ws), the
|
430
|
+
most popular WebSocket implementation in node.js.
|
431
|
+
|
432
|
+
If certain APIs were called with `Number` parameters instead of `String` or `Buffer` as
|
433
|
+
expected, then uninitialized server memory would be disclosed to the remote peer.
|
434
|
+
|
435
|
+
These were the vulnerable methods:
|
436
|
+
|
437
|
+
```js
|
438
|
+
socket.send(number)
|
439
|
+
socket.ping(number)
|
440
|
+
socket.pong(number)
|
441
|
+
```
|
442
|
+
|
443
|
+
Here's a vulnerable socket server with some echo functionality:
|
444
|
+
|
445
|
+
```js
|
446
|
+
server.on('connection', function (socket) {
|
447
|
+
socket.on('message', function (message) {
|
448
|
+
message = JSON.parse(message)
|
449
|
+
if (message.type === 'echo') {
|
450
|
+
socket.send(message.data) // send back the user's message
|
451
|
+
}
|
452
|
+
})
|
453
|
+
})
|
454
|
+
```
|
455
|
+
|
456
|
+
`socket.send(number)` called on the server, will disclose server memory.
|
457
|
+
|
458
|
+
Here's [the release](https://github.com/websockets/ws/releases/tag/1.0.1) where the issue
|
459
|
+
was fixed, with a more detailed explanation. Props to
|
460
|
+
[Arnout Kazemier](https://github.com/3rd-Eden) for the quick fix. Here's the
|
461
|
+
[Node Security Project disclosure](https://nodesecurity.io/advisories/67).
|
462
|
+
|
463
|
+
|
464
|
+
### What's the solution?
|
465
|
+
|
466
|
+
It's important that node.js offers a fast way to get memory otherwise performance-critical
|
467
|
+
applications would needlessly get a lot slower.
|
468
|
+
|
469
|
+
But we need a better way to *signal our intent* as programmers. **When we want
|
470
|
+
uninitialized memory, we should request it explicitly.**
|
471
|
+
|
472
|
+
Sensitive functionality should not be packed into a developer-friendly API that loosely
|
473
|
+
accepts many different types. This type of API encourages the lazy practice of passing
|
474
|
+
variables in without checking the type very carefully.
|
475
|
+
|
476
|
+
#### A new API: `Buffer.allocUnsafe(number)`
|
477
|
+
|
478
|
+
The functionality of creating buffers with uninitialized memory should be part of another
|
479
|
+
API. We propose `Buffer.allocUnsafe(number)`. This way, it's not part of an API that
|
480
|
+
frequently gets user input of all sorts of different types passed into it.
|
481
|
+
|
482
|
+
```js
|
483
|
+
var buf = Buffer.allocUnsafe(16) // careful, uninitialized memory!
|
484
|
+
|
485
|
+
// Immediately overwrite the uninitialized buffer with data from another buffer
|
486
|
+
for (var i = 0; i < buf.length; i++) {
|
487
|
+
buf[i] = otherBuf[i]
|
488
|
+
}
|
489
|
+
```
|
490
|
+
|
491
|
+
|
492
|
+
### How do we fix node.js core?
|
493
|
+
|
494
|
+
We sent [a PR to node.js core](https://github.com/nodejs/node/pull/4514) (merged as
|
495
|
+
`semver-major`) which defends against one case:
|
496
|
+
|
497
|
+
```js
|
498
|
+
var str = 16
|
499
|
+
new Buffer(str, 'utf8')
|
500
|
+
```
|
501
|
+
|
502
|
+
In this situation, it's implied that the programmer intended the first argument to be a
|
503
|
+
string, since they passed an encoding as a second argument. Today, node.js will allocate
|
504
|
+
uninitialized memory in the case of `new Buffer(number, encoding)`, which is probably not
|
505
|
+
what the programmer intended.
|
506
|
+
|
507
|
+
But this is only a partial solution, since if the programmer does `new Buffer(variable)`
|
508
|
+
(without an `encoding` parameter) there's no way to know what they intended. If `variable`
|
509
|
+
is sometimes a number, then uninitialized memory will sometimes be returned.
|
510
|
+
|
511
|
+
### What's the real long-term fix?
|
512
|
+
|
513
|
+
We could deprecate and remove `new Buffer(number)` and use `Buffer.allocUnsafe(number)` when
|
514
|
+
we need uninitialized memory. But that would break 1000s of packages.
|
515
|
+
|
516
|
+
~~We believe the best solution is to:~~
|
517
|
+
|
518
|
+
~~1. Change `new Buffer(number)` to return safe, zeroed-out memory~~
|
519
|
+
|
520
|
+
~~2. Create a new API for creating uninitialized Buffers. We propose: `Buffer.allocUnsafe(number)`~~
|
521
|
+
|
522
|
+
#### Update
|
523
|
+
|
524
|
+
We now support adding three new APIs:
|
525
|
+
|
526
|
+
- `Buffer.from(value)` - convert from any type to a buffer
|
527
|
+
- `Buffer.alloc(size)` - create a zero-filled buffer
|
528
|
+
- `Buffer.allocUnsafe(size)` - create an uninitialized buffer with given size
|
529
|
+
|
530
|
+
This solves the core problem that affected `ws` and `bittorrent-dht` which is
|
531
|
+
`Buffer(variable)` getting tricked into taking a number argument.
|
532
|
+
|
533
|
+
This way, existing code continues working and the impact on the npm ecosystem will be
|
534
|
+
minimal. Over time, npm maintainers can migrate performance-critical code to use
|
535
|
+
`Buffer.allocUnsafe(number)` instead of `new Buffer(number)`.
|
536
|
+
|
537
|
+
|
538
|
+
### Conclusion
|
539
|
+
|
540
|
+
We think there's a serious design issue with the `Buffer` API as it exists today. It
|
541
|
+
promotes insecure software by putting high-risk functionality into a convenient API
|
542
|
+
with friendly "developer ergonomics".
|
543
|
+
|
544
|
+
This wasn't merely a theoretical exercise because we found the issue in some of the
|
545
|
+
most popular npm packages.
|
546
|
+
|
547
|
+
Fortunately, there's an easy fix that can be applied today. Use `safe-buffer` in place of
|
548
|
+
`buffer`.
|
549
|
+
|
550
|
+
```js
|
551
|
+
var Buffer = require('safe-buffer').Buffer
|
552
|
+
```
|
553
|
+
|
554
|
+
Eventually, we hope that node.js core can switch to this new, safer behavior. We believe
|
555
|
+
the impact on the ecosystem would be minimal since it's not a breaking change.
|
556
|
+
Well-maintained, popular packages would be updated to use `Buffer.alloc` quickly, while
|
557
|
+
older, insecure packages would magically become safe from this attack vector.
|
558
|
+
|
559
|
+
|
560
|
+
## links
|
561
|
+
|
562
|
+
- [Node.js PR: buffer: throw if both length and enc are passed](https://github.com/nodejs/node/pull/4514)
|
563
|
+
- [Node Security Project disclosure for `ws`](https://nodesecurity.io/advisories/67)
|
564
|
+
- [Node Security Project disclosure for`bittorrent-dht`](https://nodesecurity.io/advisories/68)
|
565
|
+
|
566
|
+
|
567
|
+
## credit
|
568
|
+
|
569
|
+
The original issues in `bittorrent-dht`
|
570
|
+
([disclosure](https://nodesecurity.io/advisories/68)) and
|
571
|
+
`ws` ([disclosure](https://nodesecurity.io/advisories/67)) were discovered by
|
572
|
+
[Mathias Buus](https://github.com/mafintosh) and
|
573
|
+
[Feross Aboukhadijeh](http://feross.org/).
|
574
|
+
|
575
|
+
Thanks to [Adam Baldwin](https://github.com/evilpacket) for helping disclose these issues
|
576
|
+
and for his work running the [Node Security Project](https://nodesecurity.io/).
|
577
|
+
|
578
|
+
Thanks to [John Hiesey](https://github.com/jhiesey) for proofreading this README and
|
579
|
+
auditing the code.
|
580
|
+
|
581
|
+
|
582
|
+
## license
|
583
|
+
|
584
|
+
MIT. Copyright (C) [Feross Aboukhadijeh](http://feross.org)
|